
Pests of all kinds and how to combat them: Win7: Firefox keeps opening new tabs, web pages full of ad blocks despite Adblock

03.11.2014, 13:01   #1
PegLeg
 
Win7: Firefox keeps opening new tabs, web pages full of ad blocks despite Adblock



Hello!

The following problem with Firefox: new tabs with advertising keep opening, usually when I have selected something with the cursor, e.g. when I want to log in to my email account. This problem is not specific to particular websites, though; it actually occurs all the time.
The tabs show a recommendation to update Mozilla or Flash, or say the computer is at risk.

Another rather annoying matter is the advertising on the pages. I have always used an ad blocker, but now it is getting more and more. I open a page and it loads completely. Then it reloads and several "placeholders" for advertising appear, i.e. they have a white background and no advertising is visible. Below them it says "Adds by Info - Ad Options".
This more or less shifts the view, because several ad blocks appear one below the other. By now there is also advertising that lays itself over the actual homepage, i.e. blocks the view.

A corner folds down like the page of a book, and when I move the cursor over it, the corner "turns" across half the screen.

All quite annoying, since in my opinion it also slows everything down...

Right, so far so good.

I hope you can help me, and thanks in advance for your effort!!
____________________________
Now attached are the requested log files...

defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:00 on 03/11/2014 (Jakob)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         
Frst.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by Jakob (administrator) on NB-JAKOB on 02-11-2014 13:25:51
Running from C:\Users\Jakob\Downloads
Loaded Profile: Jakob (Available profiles: Jakob)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\monitor.exe
() C:\Windows\score.exe
() C:\Users\Jakob\AppData\Roaming\WHService\wh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(enter) C:\Program Files\videos+Media+Players\bfe22ba4-de96-4be5-9aea-9bc915bbb213.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Universal Updater\CrashMon.exe
(MyOSCompany) C:\Program Files\PCTRunner\MyOSProtect.exe
(Spotify Ltd) C:\Users\Jakob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [mbot_de_120] => [X]
HKLM\...\Run: [CrashMon] => C:\Program Files\Universal Updater\CrashMon.exe [404992 2014-09-23] ()
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAzAD (the data entry has 261 more characters).
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [iLivid] => "C:\Users\Jakob\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [smoother] => C:\Users\Jakob\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] ()
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [Infigo] => C:\Program Files\Infigo\Infigo.exe onrun
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [Only-search] => C:\Users\Jakob\AppData\Local\onlysearch\onlysearch\1.3.12.9\onlysearch.exe
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [Spotify] => C:\Users\Jakob\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [Spotify Web Helper] => C:\Users\Jakob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd)
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {5f70df93-5adf-11df-a4bc-0090f59441f5} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {73c22545-4f9c-11df-99d0-0090f59441f5} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {7a0efab4-3b12-11df-aba7-0090f59441f5} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {7b18ae0a-49a7-11e1-a891-0090f59441f5} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {7e660afa-4bde-11df-b9db-0090f59441f5} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {9d67489e-50b4-11df-b55a-0090f59441f5} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {b21342a6-775d-11e1-a19f-0090f59441f5} - G:\setup.exe
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\MountPoints2: {e995a64b-3676-11df-9687-0090f59441f5} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASzji5vVvVr-uW_8F9leeXu_hkrNktCKCJXuyMrq1B3bm01kX-rRaOpZeNZC_hJoyQXgvJWKuAXHf51Lqv6ZGmIWCcbHWVNyKa0OD2L3QY42hopuYG2GA-l_yk8Ok-_R3jg,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mysearchpage.net
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384943334&from=cor&uid=WDCXWD1600BEVT-00ZCT0_WD-WX70AA91018710187&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASzji5vVvVr-uW_8F9leeXu_hkrNktCKCJXuyMrq1B3bm01kX-rRaOpZeNZC_hJoyQXgvJWKuAXHf51Lqv6ZGmIWCcbHWVNyKa0OD2L3QY42hopuYG2GA-l_yk8Ok-_R3jg,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384943334&from=cor&uid=WDCXWD1600BEVT-00ZCT0_WD-WX70AA91018710187&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_18_ff&cd=2XzuyEtN2Y1L1QzutDtDzytD0FyDzyyEyEtC0FyD0Czy0EtBtN0D0Tzu0SzzyDtDtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBzy0F0AtBtCzy0CtGzztDtA0EtG0FtAyEyDtGzytD0CzztGyB0CzzyC0C0Czy0AyDzy0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByEyE0CzztAzytBtG0D0B0D0BtG0FtBtCyDtGtA0CyEyBtGtD0DtAyD0DyCtAtDyB0CtD0C2Q&cr=1312051145&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384943334&from=cor&uid=WDCXWD1600BEVT-00ZCT0_WD-WX70AA91018710187&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1384943334&from=cor&uid=WDCXWD1600BEVT-00ZCT0_WD-WX70AA91018710187
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASzji5vVvVr-uW_8F9leeXu_hkrNktCKCJXuyMrq1B3bm01kX-rRaOpZeNZC_hJoyQXgvJWKuAXHf51Lqv6ZGmIWCcbHWVNyKa0OD2L3QY42hopuYG2GA-l_yk8Ok-_R3iQ,,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASzji5vVvVr-uW_8F9leeXu_hkrNktCKCJXuyMrq1B3bm01kX-rRaOpZeNZC_hJoyQXgvJWKuAXHf51Lqv6ZGmIWCcbHWVNyKa0OD2L3QY42hopuYG2GA-l_yk8Ok-_R3iQ,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Jakob\AppData\LocalLow\IE-BHO\bho.dll ()
BHO: videos+Media+Players -> {11111111-1111-1111-1111-110611491169} -> C:\Program Files\videos+Media+Players\videos+Media+Players-bho.dll No File
BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Help the General-Search Project -> {CA4520F3-AE13-4FB1-A513-58E23991C86D} -> C:\Users\Jakob\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO: mysearchdial Helper Object -> {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll No File
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 43 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B07ECBE4-9AAF-4ABC-8D30-DA46F6686C7B}: [NameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default
FF NewTab: hxxp://www.mysearchpage.net
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\searchplugins\onlysearchkms.xml
FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\searchplugins\yahoo-msd.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: General Crawler - C:\Users\Jakob\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-03-17]
FF Extension: HQ-Video-Pro-2.1V27.10 - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com [2014-10-27]
FF Extension: 551f29203c1911e1b86c0800200c9a66jetpack - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\551f2920-3c19-11e1-b86c-0800200c9a66@jetpack [2014-10-07]
FF Extension: videos+Media+Players - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\975af956-6d8c-4897-837a-25c267d2cec1@gmail.com [2014-10-03]
FF Extension: mysearchdial.com - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\ffxtlbr@mysearchdial.com [2014-04-10]
FF Extension: Fox Sec 7 - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\fx@foxysecureKDJJHVLSDUVFU.com [2014-10-28]
FF Extension: httpnowherecwilpergithubcom - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\http-nowhere@cwilper.github.com [2014-11-01]
FF Extension: pagerankclientkoeniglichch - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\pagerank-client@koeniglich.ch [2014-10-08]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\sparpilot@sparpilot.com [2014-10-28]
FF Extension: WEB.DE MailCheck - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\toolbar@web.de [2014-09-17]
FF Extension: Grooveshark Unlocker - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-08-09]
FF Extension: Smoother Web - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-10-03]
FF Extension: Suche App - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-20]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: MySearchDial - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-29]
FF Extension: Adblock Plus - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-20]
FF Extension: BonanzaDeals - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-18]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-13]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-04-10]
FF HKLM\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Jakob\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-03-17]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Jakob\AppData\Local\speedial.crx [2014-04-10]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Jakob\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [2014-04-10]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Jakob\AppData\Local\speedial.crx [2014-04-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-27] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-27] (globalUpdate) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
R2 scores; C:\Windows\score.exe [4834816 2014-10-03] () [File not signed]
R2 WHService; C:\Users\Jakob\AppData\Roaming\WHService\wh.exe [628736 2014-10-23] () [File not signed]
S2 RealNetworks Downloader Resolver Service; "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [X]
S2 Update CommonShare; "C:\Program Files\CommonShare\updateCommonShare.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [855808 2012-02-11] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [697328 2010-11-29] () [File not signed]
R1 {e4a6645a-3f85-4e1f-aa41-8367978844db}Gw; C:\Windows\System32\drivers\{e4a6645a-3f85-4e1f-aa41-8367978844db}Gw.sys [43200 2014-10-03] (StdLib)
U3 afem6oki; C:\Windows\system32\Drivers\afem6oki.sys [0 ] (JMicron Technology Corporation)
S1 Salus; system32\drivers\Salus.sys [X]
S3 SiS6350; system32\DRIVERS\SISGRKMD.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 13:25 - 2014-11-02 13:27 - 00023201 _____ () C:\Users\Jakob\Downloads\FRST.txt
2014-11-02 13:25 - 2014-11-02 13:26 - 00000000 ____D () C:\FRST
2014-11-02 13:25 - 2014-11-02 13:25 - 01105920 _____ (Farbar) C:\Users\Jakob\Downloads\FRST.exe
2014-11-02 13:24 - 2014-11-02 13:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-02 13:24 - 2014-11-02 13:24 - 00000000 _____ () C:\Windows\setupact.log
2014-11-02 13:21 - 2014-11-02 13:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jakob\Downloads\revosetup95.exe
2014-11-02 13:21 - 2014-11-02 13:21 - 00001226 _____ () C:\Users\Jakob\Desktop\Revo Uninstaller.lnk
2014-11-02 13:21 - 2014-11-02 13:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-28 01:53 - 2014-10-28 01:53 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\dlg
2014-10-28 01:48 - 2014-10-28 01:48 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\WHService
2014-10-28 01:48 - 2014-10-28 01:48 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Security Systems
2014-10-28 01:46 - 2014-10-28 01:47 - 00664568 _____ () C:\Users\Jakob\Downloads\adblock-plus-firefox.exe
2014-10-27 16:05 - 2014-10-28 01:00 - 00000000 ____D () C:\Program Files\ver0SpeeditUp
2014-10-27 16:05 - 2014-10-27 16:05 - 00002058 _____ () C:\Windows\patsearch.bin
2014-10-27 16:05 - 2014-10-27 16:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-27 14:21 - 2014-10-27 14:21 - 104855036 _____ () C:\Users\Jakob\Downloads\stefanie 3_Abmischung neu 261014 (4).wav
2014-10-27 14:19 - 2014-10-27 14:19 - 104852988 _____ () C:\Users\Jakob\Downloads\stefanie 3_Abmischung alt mir kleinen veränderungen.wav
2014-10-27 12:54 - 2014-10-27 12:54 - 01509296 _____ (HQ-VideoV27.10) C:\Users\Jakob\AppData\Roaming\CQ.exe
2014-10-27 12:53 - 2014-10-27 12:53 - 01993136 _____ (HQ-VideoV27.10) C:\Users\Jakob\AppData\Roaming\QFBC.exe
2014-10-27 12:48 - 2014-10-27 16:34 - 00000000 ____D () C:\Program Files\Probit Software
2014-10-27 12:45 - 2014-10-27 12:45 - 00365920 _____ () C:\Users\Jakob\Downloads\Setup(2).exe
2014-10-23 12:06 - 2014-10-23 12:09 - 40380620 _____ () C:\Users\Jakob\Desktop\Shiny .wav
2014-10-23 12:01 - 2014-10-23 12:06 - 68543306 _____ () C:\Users\Jakob\Desktop\Poppy(1).wav
2014-10-23 11:57 - 2014-10-23 12:00 - 39614060 _____ () C:\Users\Jakob\Desktop\Hiroshima2.wav
2014-10-23 11:53 - 2014-10-23 11:56 - 57003782 _____ () C:\Users\Jakob\Desktop\Bambi.wav
2014-10-23 11:48 - 2014-10-23 11:52 - 48251576 _____ () C:\Users\Jakob\Desktop\_.wav
2014-10-18 22:04 - 2014-10-18 22:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-18 22:02 - 2014-10-18 22:03 - 36865528 _____ () C:\Users\Jakob\Downloads\WEB.DE_Firefox_Setup(1).exe
2014-10-18 13:56 - 2014-10-18 13:56 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-18 13:56 - 2014-10-18 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-18 13:56 - 2014-10-18 13:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-18 13:54 - 2014-10-18 13:55 - 03836936 _____ (Piriform Ltd) C:\Users\Jakob\Downloads\ccsetup418_slim.exe
2014-10-17 23:30 - 2014-10-17 23:30 - 00000000 ____D () C:\Users\Jakob\Desktop\#Erstmal cool
2014-10-16 22:20 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-08 17:14 - 2014-10-08 17:16 - 00000000 ____D () C:\Users\Jakob\Desktop\is vorträge
2014-10-08 16:32 - 2014-11-01 22:33 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Spotify
2014-10-08 16:32 - 2014-10-08 16:32 - 00001805 _____ () C:\Users\Jakob\Desktop\Spotify.lnk
2014-10-08 16:28 - 2014-11-02 12:45 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Spotify
2014-10-08 16:26 - 2014-10-08 16:26 - 00137888 _____ (Spotify Ltd) C:\Users\Jakob\Downloads\SpotifySetup.exe
2014-10-06 14:57 - 2014-10-06 14:57 - 01393096 _____ () C:\Users\Jakob\Downloads\Setup(1).exe
2014-10-05 13:06 - 2014-10-05 21:43 - 00000003 _____ () C:\Users\Jakob\AppData\Local\proxy.log
2014-10-05 13:06 - 2014-10-05 13:06 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\BandExtend
2014-10-05 13:05 - 2014-10-05 21:52 - 00000000 ____D () C:\Program Files\Bench
2014-10-05 13:05 - 2014-10-05 21:44 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-05 13:04 - 2014-10-05 13:04 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-10-05 13:01 - 2014-11-02 12:58 - 00000944 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-05 13:01 - 2014-10-05 13:01 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-05 13:00 - 2014-10-05 13:01 - 24743106 _____ () C:\Users\Jakob\Downloads\vlc-2.1.5-win32.exe
2014-10-05 12:57 - 2014-10-05 12:58 - 00398800 _____ () C:\Users\Jakob\Downloads\VideoPlayerSetup(1).exe
2014-10-05 12:51 - 2014-10-05 21:48 - 00000000 ____D () C:\Program Files\Real
2014-10-05 12:49 - 2014-10-05 21:48 - 00000000 ____D () C:\ProgramData\Real
2014-10-05 12:49 - 2014-10-05 12:49 - 01071824 _____ (RealNetworks, Inc.) C:\Users\Jakob\Downloads\RealPlayerCloud_de.exe
2014-10-05 12:45 - 2014-10-05 12:46 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Infigo
2014-10-05 12:44 - 2014-10-05 12:44 - 07649400 _____ () C:\Users\Jakob\Downloads\Infigo_setup.exe
2014-10-05 11:41 - 2014-10-05 12:41 - 00398800 _____ () C:\Users\Jakob\Downloads\VideoPlayerSetup.exe
2014-10-04 09:39 - 2014-10-04 09:39 - 00139488 _____ () C:\Windows\system32\XMLOperations.xml
2014-10-04 01:28 - 2014-10-04 01:28 - 00000000 ____D () C:\Program Files\predm
2014-10-04 01:18 - 2014-10-04 11:22 - 00000000 ____D () C:\Program Files\Salus
2014-10-04 01:18 - 2014-10-04 01:18 - 00000000 ____D () C:\Program Files\Universal Updater
2014-10-04 01:00 - 2014-10-03 15:36 - 00043200 _____ (StdLib) C:\Windows\system32\Drivers\{e4a6645a-3f85-4e1f-aa41-8367978844db}Gw.sys
2014-10-04 00:54 - 2014-10-04 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-10-03 21:08 - 2014-10-03 21:08 - 00781632 _____ ( ) C:\Users\Jakob\Downloads\adobe_flash_setup.exe
2014-10-03 18:57 - 2014-10-05 13:04 - 00001852 _____ () C:\Users\Jakob\Desktop\Search.lnk
2014-10-03 18:55 - 2014-10-16 05:32 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\SmootherWeb
2014-10-03 18:55 - 2014-10-03 18:55 - 00000000 ____D () C:\SmootherWeb
2014-10-03 18:51 - 2014-10-03 18:51 - 00000000 ____D () C:\ProgramData\2308189059
2014-10-03 16:50 - 2014-11-02 12:43 - 00002432 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5_user.job
2014-10-03 16:49 - 2014-11-02 12:43 - 00004480 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-4.job
2014-10-03 16:49 - 2014-11-02 12:43 - 00003450 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-1.job
2014-10-03 16:49 - 2014-11-02 12:43 - 00002432 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5.job
2014-10-03 16:49 - 2014-11-02 12:43 - 00002096 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-2.job
2014-10-03 16:49 - 2014-11-02 12:43 - 00001420 _____ () C:\Windows\Tasks\bfe22ba4-de96-4be5-9aea-9bc915bbb213.job
2014-10-03 16:48 - 2014-11-02 13:02 - 00000566 _____ () C:\Windows\Tasks\98edbdf0-e2a8-403a-90d4-ee24b92a5095.job
2014-10-03 16:48 - 2014-11-02 12:58 - 00000940 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-03 16:48 - 2014-11-02 12:48 - 00004144 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-6.job
2014-10-03 16:48 - 2014-11-02 12:43 - 00005170 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-11.job
2014-10-03 16:48 - 2014-11-02 12:43 - 00003800 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-7.job
2014-10-03 16:48 - 2014-11-02 12:43 - 00003800 _____ () C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-3.job
2014-10-03 16:48 - 2014-10-03 16:49 - 00009712 _____ () C:\Windows\system32\MyOSProtect.ini
2014-10-03 16:48 - 2014-10-03 16:49 - 00002344 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-10-03 16:48 - 2014-10-03 16:48 - 00000000 ____D () C:\Users\Jakob\AppData\Local\globalUpdate
2014-10-03 16:48 - 2014-09-01 19:29 - 00020480 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-10-03 16:48 - 2014-09-01 19:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-10-03 16:47 - 2014-10-25 20:26 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-03 16:47 - 2014-10-04 01:16 - 00000000 ____D () C:\Program Files\videos+Media+Players
2014-10-03 16:47 - 2014-10-03 16:47 - 00000000 ____D () C:\Users\Jakob\AppData\Local\com
2014-10-03 16:45 - 2014-10-03 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-10-03 16:44 - 2014-10-03 18:55 - 00000000 ____D () C:\Program Files\PCTRunner
2014-10-03 16:44 - 2014-10-03 12:13 - 04834816 _____ () C:\Windows\score.exe
2014-10-03 16:42 - 2014-10-03 16:42 - 01393080 _____ () C:\Users\Jakob\Downloads\Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 13:24 - 2012-06-19 14:56 - 00000000 ____D () C:\Users\Jakob\AppData\Local\CrashDumps
2014-11-02 12:59 - 2010-08-09 01:03 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Google
2014-11-02 12:59 - 2010-08-09 01:03 - 00000000 ____D () C:\Program Files\Google
2014-11-02 12:52 - 2014-01-08 21:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 12:51 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 12:51 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 12:50 - 2009-12-22 13:55 - 01146678 ____N () C:\Windows\WindowsUpdate.log
2014-11-02 12:43 - 2012-05-18 17:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-02 12:43 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 21:38 - 2014-01-01 21:37 - 00000290 _____ () C:\Windows\Tasks\Bonanza.job
2014-10-30 12:24 - 2009-12-22 14:13 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 10:42 - 2009-11-26 16:44 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 09:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-10-27 16:48 - 2013-04-23 19:34 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-27 16:44 - 2012-06-17 19:50 - 00000000 ____D () C:\Windows\Minidump
2014-10-27 00:37 - 2014-01-08 00:37 - 00000155 _____ () C:\Users\Jakob\AppData\Roaming\WB.CFG
2014-10-18 22:04 - 2014-09-25 08:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-18 22:04 - 2012-03-17 12:52 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-18 22:04 - 2011-05-18 16:04 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-18 21:57 - 2013-02-25 12:54 - 00945152 ___SH () C:\Users\Jakob\Desktop\Thumbs.db
2014-10-18 21:53 - 2009-07-14 05:33 - 00436296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 15:57 - 2009-12-23 11:40 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\vlc
2014-10-18 15:57 - 2009-12-22 13:55 - 00000000 ____D () C:\Users\Jakob
2014-10-18 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-18 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-10-18 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-18 14:12 - 2010-11-28 23:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DAEMON Tools Pro
2014-10-18 14:11 - 2009-11-27 01:31 - 00000000 ____D () C:\Windows\Panther
2014-10-18 07:44 - 2009-11-26 16:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 07:42 - 2013-07-15 04:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 07:01 - 2009-12-23 09:05 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 14:20 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-05 21:48 - 2012-03-12 16:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Real
2014-10-05 13:05 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-05 13:04 - 2009-12-23 11:39 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-05 13:04 - 2009-12-23 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-10-05 12:52 - 2008-09-10 15:56 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-10-05 12:51 - 2009-01-16 17:34 - 00505416 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-10-05 12:51 - 2003-02-21 17:42 - 00353864 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-10-04 01:25 - 2014-04-10 08:02 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\systweak
2014-10-04 01:00 - 2009-07-14 03:04 - 00000877 _____ () C:\Windows\win.ini
2014-10-03 16:47 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 15:46

==================== End Of Log ============================
         


Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014
Ran by Jakob at 2014-11-02 13:28:36
Running from C:\Users\Jakob\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Nero SoundTrax Help (Version: 4.0.15.0 - Nero AG) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKCU\...\Adobe Flash Player Packages) (Version:  - ) <==== ATTENTION
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BisonCam (HKLM\...\{4BB1DCED-84D3-47F9-B718-5947E904593E}) (Version: 6.96.710.03.1 - BisonCam)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
Foxy Secure (HKLM\...\Foxy Secure) (Version: 6 - )
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Java(TM) 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Kommissar Kugelblitz 1 (HKLM\...\Kommissar Kugelblitz 1) (Version:  - )
Menu Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Templates - Starter Kit (Version: 9.0.4.0 - Nero AG) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{02e3a00f-f814-4a69-9021-5d8ebb117723}) (Version:  - Nero AG)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
RealDownloader (Version: 17.0.12 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmootherWeb (HKCU Version: 1.0 - SmootherWeb LLC) Hidden
SoundTrax (Version: 4.0.18.0 - Nero AG) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Video Converter Packages (HKCU\...\Video Converter Packages) (Version:  - ) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.2.4 - Shark007)
Windows Media Center Edition MPEG Codec Plug-in (HKLM\...\{94F3D243-2006-4B2D-9160-C2A33F74BB84}) (Version:  - ArcSoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2661586429-2275987487-1405664113-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)

==================== Restore Points  =========================

21-10-2014 23:53:29 Windows Update
25-10-2014 06:27:04 Windows Update
27-10-2014 15:51:06 Removed MyAdGuardian for Internet Explorer
27-10-2014 15:51:50 Removed MySafeProxy for Internet Explorer
01-11-2014 16:29:01 Windows Update
02-11-2014 11:57:48 Removed Apple Software Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-10-05 21:44 - 00001021 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	static3.cdn.ubi.com
127.0.0.1	ubisoft-orbit.s3.amazonaws.com
127.0.0.1	onlineconfigservice.ubi.com	
127.0.0.1	orbitservice.ubi.com
127.0.0.1	ubisoft-orbit-savegames.s3.amazonaws.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FA4E3EC-E17D-4EED-B674-5AABDCE09C46} - System32\Tasks\{892CD392-3FDE-4C49-BB85-B00DB4F20A62} => C:\Program Files\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe
Task: {11B0AEDF-169C-4C03-BEA7-93DB9A67CD90} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {1768DD7D-8894-4128-BEE9-4C26FA1C13BE} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {20661AFC-B1C6-4F69-A720-03C9E56419D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {2CED5D86-C7E8-4087-8711-4003BF737BA3} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-27] (globalUpdate) <==== ATTENTION
Task: {30D1B746-CC97-4B3C-BAB1-47E3EC02EDD2} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29] ()
Task: {3A9C5B8C-1DD6-401B-86EA-95A23D7C5D2A} - System32\Tasks\{0FFCC88A-84F5-42BB-83BA-AFEA2AE90F23} => C:\Program Files\VideoLAN\VLC\vlc.exe [2014-07-23] (VideoLAN)
Task: {534C76A2-71B1-4710-9BA0-595DD3755969} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5_user => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5.exe
Task: {57A8B87D-AB44-4531-B08B-8B5C0681D8E0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {59E22CF1-A23D-4EC0-BFF7-D40EAEA789C3} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-3 => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-3.exe
Task: {68C9CB40-6EE8-4DAB-9CC1-DC7FA4D3A865} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-6 => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-6.exe
Task: {73194429-325B-4E62-B163-7B810C958319} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2661586429-2275987487-1405664113-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {78353332-81DC-458C-8B11-39F5C17F11D3} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-11 => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-11.exe
Task: {7FFF7C22-D9AF-4D17-89DD-1050CD06666A} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-2 => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-2.exe
Task: {81A91B13-3D6D-4520-A3CD-34556811E91B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2661586429-2275987487-1405664113-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {86C88D98-CCA8-4573-B303-0ADC4829CB0C} - System32\Tasks\RocketTab Update Task => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: {8B09D3D1-1C9C-4738-8A87-13FAC330590E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {8CFA0CC3-41A8-4528-9EA5-8BCD522A1975} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {9049FB55-13E6-4D09-BA61-C4E8932FAA56} - System32\Tasks\Bonanza => C:\Users\Jakob\AppData\Roaming\Bonanza\UpdateProc\UpdateTask.exe [2013-04-30] () <==== ATTENTION
Task: {929B7757-5407-47DB-8EFC-D9D78A925B9D} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {A9524E86-4AD9-415B-A801-0FB0A21FA6F3} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-7 => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-7.exe
Task: {AA0C1360-B996-4121-9CD8-D7417538EE41} - System32\Tasks\ASP => C:\Program Files\RCP\systweakasp.exe
Task: {AF675119-5D2A-4EE7-A710-C9F5F600D244} - System32\Tasks\{CC10BE34-735B-4BBB-AD35-612DE1C598AC} => C:\Program Files\VideoLAN\VLC\vlc.exe [2014-07-23] (VideoLAN)
Task: {B2C49395-CBCC-4E8E-8C4D-ECFDE4EE6FCD} - System32\Tasks\{5FB88C4D-CE08-441A-BDCD-E9947BE8D08B} => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
Task: {B2DDB645-EA16-4496-9503-92FAE02267B6} - System32\Tasks\{61F544DF-AB9C-4F8C-8399-31B5E0959BEB} => C:\Program Files\LucasArts\LEGO Star Wars - The Complete Saga\LEGOStarWarsSaga.exe
Task: {C261A362-DA86-4721-BDC8-46D500273BAE} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-1 => C:\Program Files\videos+Media+Players\videos+Media+Players-codedownloader.exe
Task: {C4476E06-67C1-4EA3-8206-4F1BA9968684} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5 => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5.exe
Task: {D23CB111-00D0-4AE1-98E8-824EA490BC95} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: {DD677CC9-7AFD-42C4-B3FD-AA42C6AB9A2F} - System32\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-4 => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-4.exe
Task: {F65FF310-DA1E-4444-82C6-8D28FE73FFF9} - System32\Tasks\98edbdf0-e2a8-403a-90d4-ee24b92a5095 => C:\Program Files\videos+Media+Players\98edbdf0-e2a8-403a-90d4-ee24b92a5095.exe [2014-10-03] ()
Task: {FBCC96D1-EA6E-4887-A28D-21C9B5EFE49A} - System32\Tasks\bfe22ba4-de96-4be5-9aea-9bc915bbb213 => C:\Program Files\videos+Media+Players\bfe22ba4-de96-4be5-9aea-9bc915bbb213.exe [2014-10-03] (enter) <==== ATTENTION
Task: {FD825110-D82C-4059-A582-372B40959FA7} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-10-27] (globalUpdate) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\98edbdf0-e2a8-403a-90d4-ee24b92a5095.job => C:\Program Files\videos+Media+Players\98edbdf0-e2a8-403a-90d4-ee24b92a5095.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-1.job => C:\Program Files\videos+Media+Players\videos+Media+Players-codedownloader.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-11.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-11.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-2.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-2.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-3.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-3.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-4.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-4.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5_user.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-5.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-6.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-6.exe
Task: C:\Windows\Tasks\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-7.job => C:\Program Files\videos+Media+Players\ae521cb4-aba2-40ce-bf37-b8cf9fce7221-7.exe
Task: C:\Windows\Tasks\bfe22ba4-de96-4be5-9aea-9bc915bbb213.job => C:\Program Files\videos+Media+Players\bfe22ba4-de96-4be5-9aea-9bc915bbb213.exe
Task: C:\Windows\Tasks\Bonanza.job => C:\Users\Jakob\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-28 12:12 - 2013-06-28 12:12 - 00024064 _____ () C:\Windows\System32\ssj1mlm.dll
2014-09-02 20:55 - 2014-09-02 20:55 - 00487483 _____ () C:\monitor.exe
2014-10-03 16:44 - 2014-10-03 12:13 - 04834816 _____ () C:\Windows\score.exe
2014-10-28 01:48 - 2014-10-23 10:12 - 00628736 _____ () C:\Users\Jakob\AppData\Roaming\WHService\wh.exe
2014-10-28 01:48 - 2014-10-28 01:48 - 00374272 _____ () C:\Users\Jakob\AppData\Roaming\WHService\sub\default.dll
2014-09-23 18:55 - 2014-09-23 18:55 - 00404992 _____ () C:\Program Files\Universal Updater\CrashMon.exe
2014-09-04 00:24 - 2014-09-04 00:24 - 00827392 _____ () C:\Program Files\pctrunner\pcproxydll.dll
2014-09-25 19:44 - 2014-09-25 19:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-09-25 08:02 - 2014-10-11 13:53 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-10 00:52 - 2014-09-10 00:52 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hotkey.lnk => C:\Windows\pss\Hotkey.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~1\AVG\AVG9\avgtray.exe
MSCONFIG\startupreg: BisonHK => C:\Windows\BisonCam\BisonHK.exe
MSCONFIG\startupreg: BisonInst0402 => C:\Windows\BisonCam\InitDriverx86.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: MobileConnect => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SiSTray => C:\Program Files\SiS VGA Utilities\SiSTray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: {2136E952-826A-440D-A56F-BF568930D5EA} => "C:\Program Files\Vodafone\HighPerformance Client\bmoc" -d

========================= Accounts: ==========================

Administrator (S-1-5-21-2661586429-2275987487-1405664113-500 - Administrator - Disabled)
Gast (S-1-5-21-2661586429-2275987487-1405664113-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2661586429-2275987487-1405664113-1004 - Limited - Enabled)
Jakob (S-1-5-21-2661586429-2275987487-1405664113-1000 - Administrator - Enabled) => C:\Users\Jakob

==================== Faulty Device Manager Devices =============

Name: Salus
Description: Salus
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Salus
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2014 01:24:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055401
ID des fehlerhaften Prozesses: 0xf50
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (11/02/2014 01:23:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16768, Zeitstempel: 0x4d6878c3
Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x542bf70b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x080587c0
ID des fehlerhaften Prozesses: 0xaac
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (11/02/2014 00:58:36 PM) (Source: MsiInstaller) (EventID: 11721) (User: NB-Jakob)
Description: Produkt: Apple Software Update -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: SoftwareUpdate_UnregServer, Pfad: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, Befehl: /UnregServer

Error: (10/27/2014 04:05:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1f8c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/27/2014 03:41:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16476, Zeitstempel: 0x5126e7ac
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17206, Zeitstempel: 0x50e65f4f
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000969b
ID des fehlerhaften Prozesses: 0x128c
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (10/27/2014 02:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16476 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 142c

Startzeit: 01cff1e5ef448b33

Endzeit: 0

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe

Berichts-ID:

Error: (10/27/2014 00:53:22 PM) (Source: MsiInstaller) (EventID: 11309) (User: NB-Jakob)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (10/27/2014 00:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1798
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/27/2014 00:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x145c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/27/2014 00:37:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/02/2014 00:43:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Salus

Error: (11/02/2014 00:43:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update CommonShare" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/02/2014 00:43:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Protect Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/02/2014 00:43:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Protect Monitor erreicht.

Error: (11/02/2014 05:42:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Salus

Error: (11/02/2014 05:42:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update CommonShare" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/02/2014 05:42:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Protect Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/02/2014 05:42:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Protect Monitor erreicht.

Error: (11/01/2014 05:14:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
Salus

Error: (11/01/2014 05:14:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update CommonShare" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (11/02/2014 01:24:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7600.167684d6878c3ntdll.dll6.1.7600.169154ec49cafc000000500055401f5001cff697d63af007C:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dll259e5ab2-628b-11e4-b3b0-0090f59441f5

Error: (11/02/2014 01:23:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3bho.dll_unloaded0.0.0.0542bf70bc0000005080587c0aac01cff69245b53c91C:\Windows\Explorer.EXEbho.dll0d1e4e78-628b-11e4-b3b0-0090f59441f5

Error: (11/02/2014 00:58:36 PM) (Source: MsiInstaller) (EventID: 11721) (User: NB-Jakob)
Description: Produkt: Apple Software Update -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: SoftwareUpdate_UnregServer, Pfad: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, Befehl: /UnregServer (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/27/2014 04:05:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb80000003000014251f8c01cff1dca263aa4cC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dlla4da83d1-5dea-11e4-b8f0-0090f59441f5

Error: (10/27/2014 03:41:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164765126e7acKERNELBASE.dll6.1.7600.1720650e65f4fe06d73630000969b128c01cff1e68d68e99cC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\KERNELBASE.dll4f82930e-5de7-11e4-b8f0-0090f59441f5

Error: (10/27/2014 02:02:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16476142c01cff1e5ef448b330C:\Program Files\Internet Explorer\iexplore.exe

Error: (10/27/2014 00:53:22 PM) (Source: MsiInstaller) (EventID: 11309) (User: NB-Jakob)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/27/2014 00:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb8000000300001425179801cff1dc58cc6cd6C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllc70522cc-5dcf-11e4-b8f0-0090f59441f5

Error: (10/27/2014 00:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb8000000300001425145c01cff1db78593fe3C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll65809fe1-5dcf-11e4-b8f0-0090f59441f5

Error: (10/27/2014 00:37:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 68%
Total physical RAM: 1917.17 MB
Available physical RAM: 601.79 MB
Total Pagefile: 3834.34 MB
Available Pagefile: 2442.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.05 GB) (Free:43.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 3C9D2C64)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Gmer

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-03 13:23:27
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-4 WDC_WD1600BEVT-00ZCT0 rev.11.01A11 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\Jakob\AppData\Local\Temp\uftiqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackTransaction + 13F9                                                                           83090829 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              830B5132 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Pro\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xDE 0x21 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xC7 0x0E 0x4B 0xF5 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x0F 0x56 0x63 0x44 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x4C 0xFB 0x6F 0x67 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x20 0x5B 0x9A 0xE7 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Pro\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xDE 0x21 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xC7 0x0E 0x4B 0xF5 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x0F 0x56 0x63 0x44 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x4C 0xFB 0x6F 0x67 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x20 0x5B 0x9A 0xE7 ...

---- EOF - GMER 2.1 ----
         
As I said - thank you, thank you, thank you!!

Alt 03.11.2014, 13:28   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • In the uninstaller list, search for the programs:

    Adobe Flash Player Packages

    Video Converter Packages


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

 






Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 03.11.2014, 23:31   #3
PegLeg
 



Code:
ComboFix 14-10-29.01 - Jakob 03.11.2014  14:41:00.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.1917.732 [GMT 1:00]
ausgeführt von:: c:\users\Jakob\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jakob\Documents\~WRL0867.tmp
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-03 bis 2014-11-03  ))))))))))))))))))))))))))))))
.
.
2014-11-03 13:48 . 2014-11-03 13:48	--------	d-----w-	c:\users\Jakob\AppData\Local\temp
2014-11-03 13:48 . 2014-11-03 13:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-03 13:04 . 2014-11-03 13:04	62576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D98A8D0-2583-48FD-BED1-CD9322FF1349}\offreg.dll
2014-11-03 13:04 . 2014-11-03 13:04	39464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D98A8D0-2583-48FD-BED1-CD9322FF1349}\MpKslac102965.sys
2014-11-03 12:39 . 2014-10-14 20:13	8901368	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D98A8D0-2583-48FD-BED1-CD9322FF1349}\mpengine.dll
2014-11-02 21:16 . 2014-09-16 22:43	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF84B290-45C5-4293-B885-5C53C3F92D8B}\gapaengine.dll
2014-11-02 15:00 . 2014-11-02 16:35	--------	d-----w-	c:\users\Jakob\AppData\Local\Spotify
2014-11-02 14:13 . 2014-11-02 14:13	--------	d-----w-	c:\windows\ERUNT
2014-11-02 13:47 . 2014-11-02 13:51	--------	d-----w-	C:\AdwCleaner
2014-11-02 13:01 . 2014-11-03 12:56	114904	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-02 12:59 . 2014-10-01 10:11	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-02 12:59 . 2014-10-01 10:11	75480	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-02 12:59 . 2014-10-01 10:11	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-02 12:59 . 2014-11-02 12:59	--------	d-----w-	c:\programdata\Malwarebytes
2014-11-02 12:25 . 2014-11-02 12:29	--------	d-----w-	C:\FRST
2014-11-02 12:21 . 2014-11-02 12:21	--------	d-----w-	c:\program files\VS Revo Group
2014-11-01 16:30 . 2014-10-14 20:13	8901368	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-28 00:53 . 2014-10-28 00:53	--------	d-----w-	c:\users\Jakob\AppData\Roaming\dlg
2014-10-28 00:48 . 2014-10-28 00:48	--------	d-----w-	c:\users\Jakob\AppData\Roaming\WHService
2014-10-27 15:05 . 2014-10-27 15:05	2058	----a-w-	c:\windows\patsearch.bin
2014-10-18 21:04 . 2014-10-18 21:04	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2014-10-18 21:04 . 2014-10-11 12:54	48240	----a-w-	c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-10-18 21:04 . 2014-10-11 12:53	220784	----a-w-	c:\program files\Mozilla Firefox\sandboxbroker.dll
2014-10-18 12:56 . 2014-10-18 12:56	--------	d-----w-	c:\program files\CCleaner
2014-10-16 21:20 . 2014-09-15 00:42	2377216	----a-w-	c:\windows\system32\win32k.sys
2014-10-08 15:28 . 2014-11-03 11:57	--------	d-----w-	c:\users\Jakob\AppData\Roaming\Spotify
2014-10-05 12:06 . 2014-10-05 12:06	--------	d-----w-	c:\users\Jakob\AppData\Roaming\BandExtend
2014-10-05 11:51 . 2014-10-05 20:48	--------	d-----w-	c:\program files\Real
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2009-12-22 13:13	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-10-05 11:51 . 2009-01-16 16:34	505416	----a-w-	c:\windows\system32\msvcp71.dll
2014-10-05 11:51 . 2003-02-21 16:42	353864	----a-w-	c:\windows\system32\msvcr71.dll
2014-09-16 22:43 . 2012-02-10 16:47	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 23:52 . 2013-05-30 10:03	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-09-09 23:52 . 2011-12-21 18:37	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-02 18:16 . 2014-09-02 18:16	634880	----a-w-	C:\DirectControl.exe
2012-09-24 17:39 . 2012-09-24 17:39	39483256	----a-w-	c:\program files\QuickTimeInstaller.exe
2010-04-03 17:40 . 2011-12-29 19:19	245760	----a-w-	c:\program files\Uninstall Ask Toolbar.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0025320D-4D37-4C73-9A5C-0C28F04068A3}]
2014-10-01 14:47	2237952	----a-w-	c:\users\Jakob\AppData\LocalLow\IE-BHO\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
"Spotify"="c:\users\Jakob\AppData\Roaming\Spotify\Spotify.exe" [2014-11-02 6553144]
"Spotify Web Helper"="c:\users\Jakob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-11-02 1514040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAAzADkANAAwADIANgA4ADUALQBCAEEAUgA5AE8AKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADkANAA1ADQALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAVQBJACsAMgA&prod=90&ver=9.0.894" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hotkey.lnk]
backup=c:\windows\pss\Hotkey.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2136E952-826A-440D-A56F-BF568930D5EA}]
c:\program files\Vodafone\HighPerformance Client\bmoc -d [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2008-03-25 14:46	77824	----a-w-	c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonInst0402]
2008-01-03 00:57	65536	----a-w-	c:\windows\BisonCam\InitDriverx86.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 WHService;WHService;c:\users\Jakob\AppData\Roaming\WHService\wh.exe [2014-10-23 628736]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2012-02-11 855808]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-28 697328]
S1 MpKslac102965;MpKslac102965;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D98A8D0-2583-48FD-BED1-CD9322FF1349}\MpKslac102965.sys [2014-11-03 39464]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-10-16 120432]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLAC102965
*NewlyCreated* - UFTIQPOW
*Deregistered* - uftiqpow
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-30 23:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = www.google.com
uSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B07ECBE4-9AAF-4ABC-8D30-DA46F6686C7B}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Infigo - c:\program files\Infigo\Infigo.exe
SafeBoot-pcwatch.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SiSTray - c:\program files\SiS VGA Utilities\SiSTray.exe
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Foxy Secure - c:\users\Jakob\AppData\Roaming\Security Systems\uninstall.exe
AddRemove-Kommissar Kugelblitz 1 - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-03  14:51:02
ComboFix-quarantined-files.txt  2014-11-03 13:51
.
Vor Suchlauf: 19 Verzeichnis(se), 47.265.513.472 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 46.981.173.248 Bytes frei
.
- - End Of File - - 0DB471C73E4B50F50C8A01367F5ADAEB
A36C5E4F47E84449FF07ED3517B43A31
         
Here is the Combofix log file again, this time saved on the desktop...

Code:
ComboFix 14-10-29.01 - Jakob 04.11.2014   0:08.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.1917.1198 [GMT 1:00]
ausgeführt von:: c:\users\Jakob\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-03 bis 2014-11-03  ))))))))))))))))))))))))))))))
.
.
2014-11-03 23:16 . 2014-11-03 23:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-02 21:16 . 2014-09-16 22:43	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF84B290-45C5-4293-B885-5C53C3F92D8B}\gapaengine.dll
2014-11-02 15:00 . 2014-11-02 16:35	--------	d-----w-	c:\users\Jakob\AppData\Local\Spotify
2014-11-02 14:13 . 2014-11-02 14:13	--------	d-----w-	c:\windows\ERUNT
2014-11-02 13:47 . 2014-11-02 13:51	--------	d-----w-	C:\AdwCleaner
2014-11-02 13:01 . 2014-11-03 12:56	114904	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-02 12:59 . 2014-10-01 10:11	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-02 12:59 . 2014-10-01 10:11	75480	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-02 12:59 . 2014-10-01 10:11	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-02 12:59 . 2014-11-02 12:59	--------	d-----w-	c:\programdata\Malwarebytes
2014-11-02 12:25 . 2014-11-02 12:29	--------	d-----w-	C:\FRST
2014-11-02 12:21 . 2014-11-02 12:21	--------	d-----w-	c:\program files\VS Revo Group
2014-11-01 16:30 . 2014-10-14 20:13	8901368	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-28 00:53 . 2014-10-28 00:53	--------	d-----w-	c:\users\Jakob\AppData\Roaming\dlg
2014-10-28 00:48 . 2014-10-28 00:48	--------	d-----w-	c:\users\Jakob\AppData\Roaming\WHService
2014-10-27 15:05 . 2014-10-27 15:05	2058	----a-w-	c:\windows\patsearch.bin
2014-10-18 21:04 . 2014-10-18 21:04	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2014-10-18 21:04 . 2014-10-11 12:54	48240	----a-w-	c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2014-10-18 21:04 . 2014-10-11 12:53	220784	----a-w-	c:\program files\Mozilla Firefox\sandboxbroker.dll
2014-10-18 12:56 . 2014-10-18 12:56	--------	d-----w-	c:\program files\CCleaner
2014-10-16 21:20 . 2014-09-15 00:42	2377216	----a-w-	c:\windows\system32\win32k.sys
2014-10-08 15:28 . 2014-11-03 23:05	--------	d-----w-	c:\users\Jakob\AppData\Roaming\Spotify
2014-10-05 12:06 . 2014-10-05 12:06	--------	d-----w-	c:\users\Jakob\AppData\Roaming\BandExtend
2014-10-05 11:51 . 2014-10-05 20:48	--------	d-----w-	c:\program files\Real
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2009-12-22 13:13	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-10-05 11:51 . 2009-01-16 16:34	505416	----a-w-	c:\windows\system32\msvcp71.dll
2014-10-05 11:51 . 2003-02-21 16:42	353864	----a-w-	c:\windows\system32\msvcr71.dll
2014-09-16 22:43 . 2012-02-10 16:47	908840	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 23:52 . 2013-05-30 10:03	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-09-09 23:52 . 2011-12-21 18:37	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-02 18:16 . 2014-09-02 18:16	634880	----a-w-	C:\DirectControl.exe
2012-09-24 17:39 . 2012-09-24 17:39	39483256	----a-w-	c:\program files\QuickTimeInstaller.exe
2010-04-03 17:40 . 2011-12-29 19:19	245760	----a-w-	c:\program files\Uninstall Ask Toolbar.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0025320D-4D37-4C73-9A5C-0C28F04068A3}]
2014-10-01 14:47	2237952	----a-w-	c:\users\Jakob\AppData\LocalLow\IE-BHO\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
"Spotify"="c:\users\Jakob\AppData\Roaming\Spotify\Spotify.exe" [2014-11-02 6553144]
"Spotify Web Helper"="c:\users\Jakob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-11-02 1514040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAAzADkANAAwADIANgA4ADUALQBCAEEAUgA5AE8AKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AWABPADkAKwAxAC0ARgA5AE0AMwArADEALQBEAEQAVAArADkANAA1ADQALQBEAEQAOQAwAEYAKwAxAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEYAVQBJACsAMgA&prod=90&ver=9.0.894" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hotkey.lnk]
backup=c:\windows\pss\Hotkey.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2136E952-826A-440D-A56F-BF568930D5EA}]
c:\program files\Vodafone\HighPerformance Client\bmoc -d [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2008-03-25 14:46	77824	----a-w-	c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonInst0402]
2008-01-03 00:57	65536	----a-w-	c:\windows\BisonCam\InitDriverx86.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 WHService;WHService;c:\users\Jakob\AppData\Roaming\WHService\wh.exe [2014-10-23 628736]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2012-02-11 855808]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-28 697328]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-10-16 120432]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-30 23:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = www.google.com
uSearchAssistant = www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B07ECBE4-9AAF-4ABC-8D30-DA46F6686C7B}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-04  00:18:45
ComboFix-quarantined-files.txt  2014-11-03 23:18
ComboFix2.txt  2014-11-03 13:51
.
Vor Suchlauf: 24 Verzeichnis(se), 46.994.276.352 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 46.939.217.920 Bytes frei
.
- - End Of File - - 668CD1E9CCC38861359596073EE6247B
A36C5E4F47E84449FF07ED3517B43A31
         


I don't know whether it is connected to the overall problem, but now there is also "an unknown error in Windows Explorer"... The taskbar briefly disappears along with the desktop icons, and I am offered the choice of closing the program or searching for solutions...

Good night, and thank you for your help!
__________________

04.11.2014, 10:36   #4
schrauber
/// the machine
/// TB trainer
 




Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

05.11.2014, 20:08   #5
PegLeg
 



AdwCleaner

Code:
# AdwCleaner v4.002 - Bericht erstellt am 05/11/2014 um 20:16:40
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzername : Jakob - NB-JAKOB
# Gestartet von : C:\Users\Jakob\Desktop\AdwCleaner_4.002(1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v33.0 (x86 de)


*************************

AdwCleaner[R0].txt - [21270 octets] - [02/11/2014 14:47:24]
AdwCleaner[R1].txt - [999 octets] - [05/11/2014 20:12:40]
AdwCleaner[S0].txt - [20979 octets] - [02/11/2014 14:51:22]
AdwCleaner[S1].txt - [913 octets] - [05/11/2014 20:16:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [972 octets] ##########
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Home Premium x86
Ran by Jakob on 05.11.2014 at 20:31:23,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Jakob\AppData\Roaming\mozilla\firefox\profiles\o5hwgb2r.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.11.2014 at 20:34:05,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Jakob (administrator) on NB-JAKOB on 05-11-2014 20:45:55
Running from C:\Users\Jakob\Desktop
Loaded Profile: Jakob (Available profiles: Jakob)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Users\Jakob\AppData\Roaming\WHService\wh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Spotify Ltd) C:\Users\Jakob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAAzAD (the data entry has 261 more characters).
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [Spotify] => C:\Users\Jakob\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-11-02] (Spotify Ltd)
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\...\Run: [Spotify Web Helper] => C:\Users\Jakob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-02] (Spotify Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2661586429-2275987487-1405664113-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\Jakob\AppData\LocalLow\IE-BHO\bho.dll ()
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B07ECBE4-9AAF-4ABC-8D30-DA46F6686C7B}: [NameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\searchplugins\MyOnlineSearch.xml
FF SearchPlugin: C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\searchplugins\yahoo-msd.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: 551f29203c1911e1b86c0800200c9a66jetpack - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\551f2920-3c19-11e1-b86c-0800200c9a66@jetpack [2014-10-07]
FF Extension: Fox Sec 7 - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\fx@foxysecureKDJJHVLSDUVFU.com [2014-10-28]
FF Extension: httpnowherecwilpergithubcom - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\http-nowhere@cwilper.github.com [2014-11-01]
FF Extension: pagerankclientkoeniglichch - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\pagerank-client@koeniglich.ch [2014-10-08]
FF Extension: Grooveshark Unlocker - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2013-08-09]
FF Extension: Smoother Web - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-10-03]
FF Extension: Suche App - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-20]
FF Extension: Adblock Plus - C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\o5hwgb2r.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-20]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-13]
FF HKLM\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-04-10]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 WHService; C:\Users\Jakob\AppData\Roaming\WHService\wh.exe [628736 2014-10-23] () [File not signed]
S2 RealNetworks Downloader Resolver Service; "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [855808 2012-02-11] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [102912 2009-06-29] (Huawei Technologies Co., Ltd.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [379904 2010-03-31] (Realtek Semiconductor Corporation                           )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [697328 2010-11-29] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jakob\AppData\Local\Temp\catchme.sys [X]
S3 SiS6350; system32\DRIVERS\SISGRKMD.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 20:45 - 2014-11-05 20:45 - 00000000 ____D () C:\Users\Jakob\Desktop\FRST-OlderVersion
2014-11-05 20:34 - 2014-11-05 20:42 - 00000756 _____ () C:\Users\Jakob\Desktop\JRT.txt
2014-11-05 20:11 - 2014-11-05 20:11 - 01998336 _____ () C:\Users\Jakob\Desktop\AdwCleaner_4.002(1).exe
2014-11-04 00:18 - 2014-11-04 00:18 - 00011022 _____ () C:\ComboFix.txt
2014-11-03 14:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-03 14:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-03 14:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-03 14:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-03 14:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-03 14:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-03 14:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-03 14:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-03 14:37 - 2014-11-04 00:18 - 00000000 ____D () C:\Qoobox
2014-11-03 14:37 - 2014-11-03 14:49 - 00000000 ____D () C:\Windows\erdnt
2014-11-03 14:36 - 2014-11-03 14:36 - 05591672 ____R (Swearware) C:\Users\Jakob\Desktop\ComboFix.exe
2014-11-03 13:23 - 2014-11-03 13:23 - 00004147 _____ () C:\Users\Jakob\Desktop\Gmer.txt
2014-11-03 13:03 - 2014-11-03 13:03 - 00380416 _____ () C:\Users\Jakob\Desktop\Gmer-19357.exe
2014-11-03 12:55 - 2014-11-03 13:01 - 00000524 _____ () C:\Users\Jakob\Desktop\defogger_disable.log
2014-11-03 12:55 - 2014-11-03 12:55 - 00000020 _____ () C:\Users\Jakob\defogger_reenable
2014-11-03 12:54 - 2014-11-03 12:54 - 00050477 _____ () C:\Users\Jakob\Desktop\Defogger.exe
2014-11-02 16:00 - 2014-11-02 17:35 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Spotify
2014-11-02 16:00 - 2014-11-02 16:00 - 00001805 _____ () C:\Users\Jakob\Desktop\Spotify.lnk
2014-11-02 16:00 - 2014-11-02 16:00 - 00001791 _____ () C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-11-02 15:59 - 2014-11-02 15:59 - 00137888 _____ (Spotify Ltd) C:\Users\Jakob\Downloads\SpotifySetup(1).exe
2014-11-02 15:13 - 2014-11-02 15:13 - 00000000 ____D () C:\Windows\ERUNT
2014-11-02 15:12 - 2014-11-02 15:12 - 01706359 _____ (Thisisu) C:\Users\Jakob\Desktop\JRT.exe
2014-11-02 14:47 - 2014-11-05 20:29 - 00000000 ____D () C:\AdwCleaner
2014-11-02 14:45 - 2014-11-02 14:46 - 01998336 _____ () C:\Users\Jakob\Downloads\AdwCleaner_4.002.exe
2014-11-02 14:39 - 2014-11-05 20:18 - 00150038 _____ () C:\Windows\PFRO.log
2014-11-02 14:01 - 2014-11-05 20:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 14:00 - 2014-11-02 14:00 - 00000776 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-02 14:00 - 2014-11-02 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-02 13:59 - 2014-11-02 14:00 - 00000000 ____D () C:\Users\Jakob\Desktop\ Malwarebytes Anti-Malware 
2014-11-02 13:59 - 2014-11-02 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-02 13:59 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 13:59 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 13:59 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 13:57 - 2014-11-02 13:58 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jakob\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-02 13:28 - 2014-11-02 13:29 - 00032453 _____ () C:\Users\Jakob\Desktop\Addition.txt
2014-11-02 13:25 - 2014-11-05 20:45 - 01106432 _____ (Farbar) C:\Users\Jakob\Desktop\FRST.exe
2014-11-02 13:25 - 2014-11-05 20:45 - 00012212 _____ () C:\Users\Jakob\Desktop\FRST.txt
2014-11-02 13:25 - 2014-11-05 20:45 - 00000000 ____D () C:\FRST
2014-11-02 13:24 - 2014-11-05 20:19 - 00001581 _____ () C:\Windows\setupact.log
2014-11-02 13:24 - 2014-11-02 13:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-02 13:21 - 2014-11-02 13:21 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jakob\Downloads\revosetup95.exe
2014-11-02 13:21 - 2014-11-02 13:21 - 00001226 _____ () C:\Users\Jakob\Desktop\Revo Uninstaller.lnk
2014-11-02 13:21 - 2014-11-02 13:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-28 01:53 - 2014-10-28 01:53 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\dlg
2014-10-28 01:48 - 2014-10-28 01:48 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\WHService
2014-10-28 01:46 - 2014-10-28 01:47 - 00664568 _____ () C:\Users\Jakob\Downloads\adblock-plus-firefox.exe
2014-10-27 16:05 - 2014-10-27 16:05 - 00002058 _____ () C:\Windows\patsearch.bin
2014-10-27 16:05 - 2014-10-27 16:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-27 14:21 - 2014-10-27 14:21 - 104855036 _____ () C:\Users\Jakob\Downloads\stefanie 3_Abmischung neu 261014 (4).wav
2014-10-27 14:19 - 2014-10-27 14:19 - 104852988 _____ () C:\Users\Jakob\Downloads\stefanie 3_Abmischung alt mir kleinen veränderungen.wav
2014-10-23 12:06 - 2014-10-23 12:09 - 40380620 _____ () C:\Users\Jakob\Desktop\Shiny .wav
2014-10-23 12:01 - 2014-10-23 12:06 - 68543306 _____ () C:\Users\Jakob\Desktop\Poppy(1).wav
2014-10-23 11:57 - 2014-10-23 12:00 - 39614060 _____ () C:\Users\Jakob\Desktop\Hiroshima2.wav
2014-10-23 11:53 - 2014-10-23 11:56 - 57003782 _____ () C:\Users\Jakob\Desktop\Bambi.wav
2014-10-23 11:48 - 2014-10-23 11:52 - 48251576 _____ () C:\Users\Jakob\Desktop\_.wav
2014-10-18 22:04 - 2014-10-18 22:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-18 22:02 - 2014-10-18 22:03 - 36865528 _____ () C:\Users\Jakob\Downloads\WEB.DE_Firefox_Setup(1).exe
2014-10-18 13:56 - 2014-10-18 13:56 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-18 13:56 - 2014-10-18 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-18 13:56 - 2014-10-18 13:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-18 13:54 - 2014-10-18 13:55 - 03836936 _____ (Piriform Ltd) C:\Users\Jakob\Downloads\ccsetup418_slim.exe
2014-10-17 23:30 - 2014-10-17 23:30 - 00000000 ____D () C:\Users\Jakob\Desktop\#Erstmal cool
2014-10-16 22:20 - 2014-09-15 01:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-08 17:14 - 2014-10-08 17:16 - 00000000 ____D () C:\Users\Jakob\Desktop\is vorträge
2014-10-08 16:28 - 2014-11-05 20:24 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\Spotify
2014-10-08 16:26 - 2014-10-08 16:26 - 00137888 _____ (Spotify Ltd) C:\Users\Jakob\Downloads\SpotifySetup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 20:26 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 20:26 - 2009-07-14 05:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 20:23 - 2009-12-22 13:55 - 01365464 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 20:19 - 2012-05-18 17:14 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-11-05 20:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 20:04 - 2009-11-26 16:44 - 01507106 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 19:52 - 2014-01-08 21:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 18:56 - 2013-02-25 12:54 - 00945152 ___SH () C:\Users\Jakob\Desktop\Thumbs.db
2014-11-04 01:52 - 2012-06-19 14:56 - 00000000 ____D () C:\Users\Jakob\AppData\Local\CrashDumps
2014-11-04 00:16 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-03 14:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-11-03 14:51 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default
2014-11-03 12:55 - 2009-12-22 13:55 - 00000000 ____D () C:\Users\Jakob
2014-11-03 09:13 - 2014-02-12 17:19 - 00000000 ____D () C:\Users\Jakob\Documents\papierkack
2014-11-03 09:13 - 2010-04-25 22:26 - 00002980 _____ () C:\Users\Jakob\AppData\Roaming\wklnhst.dat
2014-11-03 09:12 - 2013-09-22 17:54 - 00000000 ____D () C:\Users\Jakob\Documents\schule
2014-11-02 14:51 - 2014-10-03 18:57 - 00000601 _____ () C:\Users\Jakob\Desktop\Search.lnk
2014-11-02 13:50 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-11-02 12:59 - 2010-08-09 01:03 - 00000000 ____D () C:\Users\Jakob\AppData\Local\Google
2014-11-02 12:59 - 2010-08-09 01:03 - 00000000 ____D () C:\Program Files\Google
2014-10-30 12:24 - 2009-12-22 14:13 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 16:48 - 2013-04-23 19:34 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-27 16:44 - 2012-06-17 19:50 - 00000000 ____D () C:\Windows\Minidump
2014-10-27 00:37 - 2014-01-08 00:37 - 00000155 _____ () C:\Users\Jakob\AppData\Roaming\WB.CFG
2014-10-25 20:26 - 2014-10-03 16:47 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-18 22:04 - 2014-09-25 08:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-18 22:04 - 2012-03-17 12:52 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-18 22:04 - 2011-05-18 16:04 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-18 21:53 - 2009-07-14 05:33 - 00436296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 15:57 - 2009-12-23 11:40 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\vlc
2014-10-18 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-10-18 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-10-18 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-10-18 14:12 - 2010-11-28 23:58 - 00000000 ____D () C:\Users\Jakob\AppData\Roaming\DAEMON Tools Pro
2014-10-18 14:11 - 2009-11-27 01:31 - 00000000 ____D () C:\Windows\Panther
2014-10-18 07:44 - 2009-11-26 16:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 07:42 - 2013-07-15 04:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 07:01 - 2009-12-23 09:05 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 14:20 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Jakob\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 19:56

==================== End Of Log ============================
         


Last edited by PegLeg (05.11.2014 at 20:16)

05.11.2014, 20:20   #6
PegLeg

Since the mbam file is too large, here it is as a .zip ...

06.11.2014, 12:23   #7
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

09.11.2014, 18:17   #8
PegLeg

Everything is fine! Thank you very much!
That helped a lot!

10.11.2014, 15:40   #9
schrauber
/// the machine
/// TB trainer

Please still run the control scans above.
__________________
Regards,
schrauber
